FBI Says Device Encryption Is 'Evil' And A Threat To Public Safety

from the thanks,-g-men.-we'll-take-it-under-advisement. dept

The FBI continues its anti-encryption push. It's now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn't taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he's no longer the only FBI employee willing to speak up on the issue.

The Federal Bureau of Investigation was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency's work, Wray said during a speech at a cyber security conference in New York.

The FBI has been unable to access data in more than half of the devices that it tried to unlock due to encryption, Wray added.

"This is an urgent public safety issue," Wray added, while saying that a solution is "not so clear cut."

The solution is clear cut, even if it's not workable. What Wray wants is breakable encryption. And he wants companies to do the work and shoulder the blame. Wray wants to be able to show up at Apple's door with a warrant and walk away with the contents of someone's phone. How that's accomplished isn't really his problem. And he's not intellectually honest enough to own the collateral damage backdoored encryption would cause. But that's how Wray operates. He disparages companies, claiming encryption is all about profit and the government is all about caring deeply for public safety. Both statements are dishonest.

But Wray isn't the only FBI employee taking the move to default encryption personally. And the others commenting are taking the rhetoric even further, moving towards personal attacks.

On Wednesday, at the the International Conference on Cyber Security in Manhattan, FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues' investigative work harder. For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.

That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried.

[...]

“At what point is it just trying to one up things and at what point is it to thwart law enforcement?" he added. "Apple is pretty good at evil genius stuff."

This is great. Apple is now an "evil genius" because it made stolen iPhones pretty much useless to thieves. Sure, the device can be sold but no one's going to be able to drain a bank account or harvest a wealth of personal information. This was arguably in response to law enforcement (like the FBI!) complaining cellphone makers like Apple were assholes because they did so little to protect users from device theft. And why should they, these greedy bastards? Someone's phone gets stolen and the phone manufacturer now has a repeat customer.

Encryption gets better and better, limiting the usefulness of stolen devices and now Apple is an "evil genius" engaged in little more than playing keepaway with device contents. Go figure.

The FBI's phone hacker did have some praise for at least one tech company: Cellebrite. The Israeli hackers were rumored to have helped the FBI get into San Bernardino shooter Syed Farook's phone after a failed courtroom showdown with Apple. The FBI ended up with nothing -- no evidence on the phone and no court precedent forcing companies to hack away at their own devices anytime the government cites the 1789 All Writs Act.

Now we're supposed to believe device makers are the villains and the nation's top law enforcement agency is filled with unsung heroes just trying to protect the public from greedy phone profiteers. I don't think anyone believes that narrative, possibly not even those trying to push it.

Truth is Optional

As is honesty.The only thing that matters to corrupt officials is the wishes of their `owners'.Just as they're not willing to call a backdoor a backdoor, they're not willing to admit their push for "New Slavery".

With 'friends' like these...

The Federal Bureau of Investigation was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency's work, Wray said during a speech at a cyber security conference in New York.

Meanwhile I feel very safe in assuming that effective, working encryption has protected vastly more than 7,800 devices from various criminals, protecting people from having personal and/or valuable information stolen in addition to having their property stolen, but of course the FBI would rather overlook that little tidbit.

The FBI has been unable to access data in more than half of the devices that it tried to unlock due to encryption, Wray added.

Which completely killed the relevant cases, because the only evidence they had was located on the devices, right? The only thing standing between them and a conviction was access to a particular device, rather than say it possibly making the cases/investigations easier?

"This is an urgent public safety issue," Wray added, while saying that a solution is "not so clear cut."

He's partially correct, but not in the way he means. Having the FBI and other government agencies attacking a critical security feature that millions depend on is most certainly an 'urgent public safety issue', however it's not caused by the tech companies, but rather by him and others like him.

As for the second half the solution is in fact very 'clear cut', and is extremely simple:

Stop attacking the security millions depend on to protect themselves.

Stop trying to vilify an extremely important security measure simply because you don't like the fact that you can't get access to everything simply by demanding it.

Stop trying to hand the public to criminals country-wide by making their personal devices vastly less secure.

In short: Stop trying to make the 'job' of criminals easier just because it would make fulfilling your desires easier too.

"Now we're supposed to believe device makers are the villains and the nation's top law enforcement agency is filled with unsung heroes just trying to protect the public from greedy phone profiteers."

Hmm.. I actually think law enforcement has greatly overstepped its authority and acts generally like a bunch of voyeur thugs in a criminal gang towards citizens that are lucky if they don't come out of the interaction dead.

Re: With 'friends' like these...

Stop trying to make the 'job' of criminals easier just because it would make fulfilling your desires easier too.

Except that it wouldn't do even that. The existence of secure encryption depends on the laws of mathematics not the policies of Apple. Even if Apple only offered backdoored encryption serious criminals would still be able to deploy their own encryption. Only the low hanging fruit would be affected - and they usually leave plenty of other evidence to work with.

As for San Bernardino - well the two main perpetrators were already dead, and it has been shown time and again that these Islamic plots don't depend on sophisticated support networks. So why bother? There was nothing that the FBI could have "cracked" and this was baltantly obvious from the very start.

These attacks are triggered by information which is propagated in plain sight via the various Islamic scriptures. The way to combat them it to take on the ideology in the public square.

Re:

Re: Re: With 'friends' like these...

Except that it wouldn't do even that.

Ah, but you see that's where the distinction between 'job' and 'desire' comes into play, and it's why I used the latter rather than the former. Crippling encryption would make their desire to be able to access any device simply by issuing a demand for access vastly easier, however it would make their jobs much harder by causing an absolute explosion of crime thanks to said crippled encryption.

Their desires are in conflict with their jobs, but they are aligned with the desires of enormous amounts of criminals who have got to be positively salivating over the idea of millions of people forced to use broken encryption.

How very cabal news

Sounds like you should go to these conferences, or watch them on youtube. It would seem you don't grok wise-ass-ease.

While I totally disagree with the FBIs position on the subject, the article appears to conflate a technical discussion with a political one. In a technical context, the comment is a compliment.

Which is to say that you've very likely strayed into the typical misconstrued-quoting practices common to institutions that are generally regarded with contempt in these waters. In the future please check your trim before takeoff.

Re:

Then the FBI lambasted the glove industry for enabling criminals to commit crimes without leaving fingerprints. The evil geniuses of the glove cartel are making the jobs of police everywhere much more difficult, and should be forced to work on gloves that leave fingerprints when used to commit crimes.

Re: How very cabal news

No, I think you don't grok the context. He called Apple a bunch of jerks for implementing better encryption and security, praised Cellebrite, and called Apple a bunch of evil geniuses. Yes, in some contexts calling a giant tech company a bunch of evil geniuses could be a compliment, but not here. Not coming from an FBI representative talking about how terrible it is that they can't get into any old iPhone they happen to nab from suspected criminals and/or victims.

Let the FBI test this idea

If encryption is really so bad, then why doesn't the FBI test this idea and lead by example: from now on, they should 100% unencrypted cellphones, e-mails, and other communications. If no data is stolen and no one loses anything, then we'll slowly roll it out to the rest of the country.

Geniuses

Re: Re: Re: Re: With 'friends' like these...

Which is how they apply the thumb screws. Get a little now, decry that satisfaction was achieved, get a little more, claim no satisfaction, go after some more, totally unsatisfying. And bit by bit the tree of liberty is put through the wood chipper.

Next they'll be ...

Re: Next they'll be ...

Nah. They are more reasonable than that. They will only require divert-ability on man made asteroids, that is until the vectoring thrusters fail or run out of fuel, then it will be 'oh well', who could have foreseen that?

They need help.

The FBI should simply ask their friends over at the NSA for help.

The NSA has some smart people. If it were possible to build a secure system that had a Workable access when warranted they should be able to create it. It would need to be vetted by multiple outside parties (any and everybody). Then they wouldn't need to always whine that the tech companies should 'nerd harder'.

If that were to happen all the serious 'bad guys' would simply use another system developed outside the U.S. So sad FBI, it is not happening. There is a word for when the wishes of the government override the will of the people; that word is NAZI.

Wonder how Stephen Flatley will feel.....

I wonder if his mind will change when his unencrypted device is lost and found by criminals who use his personal information to wipe out his bank accounts, 401k and file for his tax return before he does.

Or is it OK for him to use encryption to protect himself but not OK for me to do the same?

Re:

"what it fails to enumerate is the cumber of convictions they failed to obtain solely and only because they could not gain access"

Also, the number of devices they were able to access that contained data vital to secure a conviction that they would not have been able to obtain otherwise. Like the arguments about torture, etc., they tend to be very light on those sorts of details, because they know it will not show the result they claim to need these powers for.

Evil Is As Evil Does

Evil also manifests as no-knock, flashbang, assaults on pets, children, and the murder of innocents unaware of sniper killers (ala Ruby Ridge), and sting operations against the mentally impaired and shutting down entire cities while sacrificing their own operatives in "drills" gone live, etc., etc.

He was supposedly speaking to the Pennsylvania legislature over a tax issue at the time, but the quote is still as appropriate for this debate as it is over the ability to tax.

The FBI would have us give up our Fourth and Fifth Amendment rights to gain a little security only to have given up our privacy and security from a government that has no right to invade citizen privacy at will regardless of "having nothing to hide." Down that road lies totalitarianism and that's exactly what Franklin was warning people over.

Apple's also in an unenviable position here. If they start bypassing encryption on their own devices at any government's whim they've destroyed their customer's trust. People will stop buying their phones. Sure enough if Apple can do it, anyone else will know there's a way and will find it. Apple's primary revenue is in their phone business, they don't want to jeopardize that.

Re: Re: Re: How very cabal news

The FBI is taking money directly from Apple themselves straight into Christopher Wray's personal bank account and the banks of other agents to "complain" how hard Apple is to crack as a form of 'security publicity'.

Cheap and Sleazy, the FBI has been in the pockets of private businesses and not serving the US for a LONG time.

Re:

"7,800 devices",

It would be interesting to know how many of those are duplicates. (multiple devices per case), as well as how many resulted in contempt of court citations.

7800 is small enough to collate in a spread sheet. Frankly I think making such a declaration was a mistake. Nationally it really isn't that big of a number. And if they are pissed about 7800 units, they are going to go completely batshit about what is coming down the pike.

Re: Re: Re: Re: How very cabal news

Ah. So you are able to clearly contextualize a blurb spoken from a podium a thousand miles away, amidst a cacophony of discussion by hundreds of engineers.

You skills of deduction exceed mine sir. Perhaps you should like to hire yourself out reading tea leaves?

Again, I totally disagree with the FBI. But I don't presume to posit an opinion on the state of all medical matters after hearing one doctor fart in a coat closet. And the difference between the two, is what makes the difference between real journalism, and cabal news.

Re: With 'friends' like these...

It's what happens when your business is "catching criminals" and not "protecting people".

The FBI is interested in catching as many criminals as possible, therefore these criminals must have victims, and anything that protects people from being victims leads to no criminals the FBI can arrest.

This only sounds half bad if it's about encryption, but as it happens, the same happens with child abuse -- the FBI is actually interested in children being victims to abuse, just to arrest the perpetrators.

Re: Re: Re: Re: Re: How very cabal news

When that blurb is preceded and followed by statements calling Apple a bunch of jerks for making it even harder to hack their products and praising the company Cellebrite that actively works to hack Apple's and other companies' products, then yes, I think I've got a pretty clear context.

Plus, then there's the full 'evil genius' statement:

“At what point is it just trying to one up things and at what point is it to thwart law enforcement?" he added. "Apple is pretty good at evil genius stuff."

He is directly implying that Apple is actively working to thwart law enforcement (good guys) thereby making Apple 'evil geniuses' (bad guys).

How Bondian, James Bondian

"Apple is pretty good at evil genius stuff."

Don't you hate all this fake mutual admiration from an evil, federal, government agency towards an evil, giant, international corporation? We know the evil gov't agency just wants to make itself look better, if it ever finally manages to defeat the evil corporation. Also helps convince legislators (evil and otherwise alike) to provide additional funding for the evil agency to fight the overwhelmingly über-rich, evil corporation.

Thales: 34% of U.S. Federal Government Agencies Experienced Data Breach in Last Year

The list of US government data being exploited by hackers is mighty long.

The italicized/bold text examples above show the frequency of US government failures to safe guard data that was entrusted to it's incompetent care.

Dear Wrong Wray when you and your minions continuously make public pronouncements regarding law enforcement's wet dream of weakening of data encryption algorithms while at the same time not being able to secure the data already in the US governments possession makes you sound and look like a tax-feeding know-nothing nincompoop.

Re:

Re: With 'friends' like these...

One more for your list:

Start... doing your damned job and put the criminal gangs, and their paymasters (who might turn out to be the leaders of certain 3-letter US government agencies) out of business. Millions of taxpayers' private records lost in the last decade with crippling financial consequences for some, and you've got the nerve to whine about encryption? You know, on second thought, why don't you just look for another job?

Re: Replace encryption and guns and there would be a revolution.

You first, fed.

The government (which is to say practically all departments) over classify and intentionally obstruct FOIA requests. They act to prevent public oversight and they like to keep it that way.

Once we establish thorough public oversight of our state's departments at every level, and all things that are not current operational secrets, are transparent and easily accessible to an American citizen Then and not one day sooner should we talking about making private entities more transparent to the government. The government in general and the FBI specifically are completely corrupt, and we have no reason to trust them with private information, even when they threaten to beat it out of us (which they will).

So, no. The feds can have my encryption codes and my private files when it figures out how to pry them from my cold dead brain.

Re: Re: Re: Re: Re: With 'friends' like these...

At what point do they thank tech companies for getting people to put so much personal information in one or two devices in the first place, and storing it in the warrant-accessible cloud, and transmitting over far more capturable media than whispering in the park or making phone calls from unforeseen locations?

I think the few phones they can't crack is hardly an issue. That they make it one belies their true intents, mainly the grab for more more power (encryption, then the next thing, then the next), and having something to harp on repeatedly to use as an excuse for their next failure to stop some sort of incident (whether it is something reasonably stop-able or not).

Re: Might have to get off their asses

And, correct me if I'm wrong...but wasn't the FBI able to solve cases WITHOUT information from cell phones "back in the day"?? I mean, in the 40s they solved crime without access to everyones' text messages, and in the 30s they were able to go after gangsters without their voicemails, and in the 60s they broke criminal cases without having every suspects emails..maybe they could try and figure out how THAT was done, and, you know, emulate those procedures?

Re:

Well, if they're just throwing up their hands and saying "Fuck it. We can't get into this phone. Let the guy go." then yeah, they will have demonstrated that there is a problem. But, once again, not the one they think.

I'm fine with having the same level of encryption that the FBI uses for its devices. The same threat actors trying to penetrate their devices are probably trying to hack my device too, so it makes sense we would use comparable levels of encryption.

Re: Re: Replace encryption and guns and there would be a revolution.

I'm not sure the op intended a parallel as much as commenting on American sensibilities.

Also guns are tools of destruction yes so is dynamite and chainsaws. Destruction can be useful for certain purposes. Just because one could use a gun or a power drill to hurt someone doesn't mean one will. They are tools and I would think the issue is the people using the tool as apposed to the tool itself.

The Parallel between Guns and Encryption

Both are tools that, in the hands of the public, empower it against the state.

The FBI won't say that disarming the public would serve its interest in preserving the current regime, but plenty of law enforcement have said exactly that.

FBI's fear over encryption is that it would facilitate organization of resistance even when that resistance becomes a threat, and while a lone gunman isn't a real threat to law enforcement, a company of militia are. (And yes, some organized militia exist in the US.)

Incidentally, guns occupy the same spot, whether we call them tools or weapons. Our constitutional framers didn't specify guns but general arms that is, weapons, knowing that even firearms may someday become obsolete. The point is the public cannot trust the state to keep something that the public is forbidden from having, including bioagents and nukes.

(Which is a good reason, incidentally, for the military to stop making bioagents and nukes, and yet they still do.)

And yes, you can argue that the people are not mature enough to be trusted with guns. But the same is true for the police and the military. Frankly, we can't be trusted with the responsibility of voting or knowing our best interests, but then who can we trust?

And that's why the people should have full access to guns, even if they're useless.

And this very same argument can be made regarding encryption. And secret communication can be as deadly as guns, if not worse.

negligent reporting, or propaganda?

Cellular baseband has access to system ram (where encryption keys are kept), and is under full control of the network provider- or who ever has fooled the phone into thinking they're the provider (like a stingray for instance...).

Look it up for christ sakes, don't take my word for it. Then look up Intel IME, AMD PSP, ARM trustzone...

When you understand how this works (please take the time- it's crucial information that TD seams unwilling to provide for whatever reason)- it's plain to see this is mostly distraction and redirection; whether intentional or not articles like this shape public opinion in ways beneficial to the fbi's goals (creating stupid criminals, and increased access to high lvl intelligence gathering tools originally justified by -for use against- genuine terrorism).

These articles serve as great advertising for apple/google, (who have likely provided generous gov access in exchange for turning blind eyes regarding Taxes and Anti-trust) while falsely convincing people their devices are secure. It doesn't matter how perfect your encryption is if you device is hopelessly structurally flawed- which describes 99%+ of devices built in the last 5 years. It's like waxing lyrical on how perfect one finger is while ignoring the necrotic hand it's connected to... Fundamentally dishonest or neglegent omission.